2020 Incident Response Forum Materials
DATA BREACH RESPONSE: COVID-19 AND OTHER BIG ISSUES GOING FORWARD
- COVID-19: Regulator Guidance on Privacy and Cybersecurity Issues Raised as Companies Respond to the Pandemic (Willkie Farr & Gallagher LLP, March 2020)
- NY DFS Cybersecurity Regulation, Two Years In—What Comes Next? (Phyllis Sumner, Banking Law Journal, 2019)
- Data Breach Litigation Trends to Watch (Phyllis Sumner, et al., Bloomberg Law, 2019)
- Are U.S. Consumers Suffering from Data Breach Notification Fatigue (Insurance Business Magazine, 2019)
- Is Amazon Liable for the Capital One Hack? (John Reed Stark Consulting, 2019)
- Notes from a Law Firm Chief Privacy Officer: New Demands (Phyllis Sumner, Law 360, August 2017)
- Seventh Circuit Rejects FTC Authority to Obtain Equitable Money Relief Under Section 13(b) of the FTC Act (Trust Anchor, Doug Meal, et al., 2019)
- Is Your Business Prepared for a Possible Iranian Retaliatory Cyberattack? (Barnes & Thornburg, 2020)
- Here are the Ten Biggest Breaches of the 2010s (Business Insider, 2020)
- Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now (D&O Diary, 2019)
COUNSELING BOARDS AND THE C-SUITE BEFORE THE INEVITABLE BREACH
- Global Fraud and Risk Report 2019/20: Mapping the New Risk Landscape (Kroll, 2020)
- Here’s what went wrong for Equifax in those first 48 hours (John Carlin and David Newman, September 2017)
- What the Capital One Hack Means for Boards of Directors (John Reed Stark Consulting, August 2019)
- Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)
- New York Cybersecurity Rules: What Firms Need to Know (Kimberly Peretti and Nameir Abbas, Securities Regulation Daily, 2017)
- Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management (Phyllis Sumner and Nick Oldham, January 2016)
RESPONDING TO BUSINESS EMAIL COMPROMISE ATTACKS
- Image Exploits: With the Tax Season Come the Thieves (Sean Hoar, Digital Insights Blog, 2019)
- The Decade Big-Money Email Scams Took Over (Wired, 2019)
- Cybercrime: Beware the Business Email Compromise (DLA Piper, 2019)
- FinCEN Business Email Compromise Advisory (FinCEN, 2019)
- FBI Cyber Warning: Attacks on Key Employees Up 100%, As 281 Are Arrested (Forbes, 2019)
- Ex-Employee Sued by Firm After Falling for BEC Scam (CISO Online, 2019)
MANAGING THE INSIDER THREAT IN THE WORLD OF CYBER
- How the FBI Tracked Down the Spy Who Couldn’t Spell (CNN, 2019)
- Capital One Breach Shines Spotlight on Insider Threats (Joel Griffin, Security Info Watch, 2019)
- 5 Ways to Defang The “Insider Threat” Of Cybersecurity (CSO Online, 2019)
- Insider Threat: The Human Element of Cyber-Risk (McKinsey & Co., 2018)
- The Spy Who Couldn’t Spell: How the Biggest Heist in The History of US Espionage Was Foiled (The Guardian, 2016)
- The 21st Century Genesis of the Bad Leaver (John Reed Stark, BNA Privacy and Security Report, 2012)
INCIDENT RESPONSE AND THE CALIFORNIA CONSUMER PRIVACY ACT AND GDPR
- GDPR: 160,000 Data Breaches Reported Already, So Expect the Big Fines to Follow (ZDNet, 2020)
- The CCPA Is Now in Effect – A Resource Guide (Akin Gump, 2020)
- Taking Stock of CCPA Amendments and Privacy Measures Passed by the California Legislature This Session That Now Await the Governor’s Consideration (Natasha G. Kohne, Dario J. Frommer and Diana E. Schaffner, 2019)
- New Data Privacy and Security Laws Put U.S. Companies on the Defensive (Michelle Reed and Natasha Kohne, Corporate Business Journal, December 2019)
- A GDPR Primer for U.S.-Based Cos. Handling EU Data: Part 1 (Caroline Krass, et al., Law 360, 2017)
- Massive GDPR Fines Have Serious Implications for Corporate Risk (Kevin LaCroix, July 2019)
- California Privacy Law May Spur Data Breach Lawsuit Wave (Bloomberg Law, 2019)
- California Consumer Privacy Act (CCPA) (State of California Department of Justice)
RESPONDING TO RANSOMWARE ATTACKS
- Immediate Steps for Communicating After a Ransomware Attack (Sard Verbinnen & Co)
- Best Practices for Victim Response and Reporting of Cyber Incidents (DOJ, September 2018)
- Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources (DOJ, February 2020)
- Ransomware’s Dirty Little Secret: Most Corporate Victims Pay (John Reed Stark Consulting, 2019)
- Ransomware: To Pay or Not to Pay (Intelligent CIO, 2020)
- Ransomware: Recommendations for Preparation and Response (Christopher E. Ballod, Frank J. Gillman and Sean B. Hoar, Digital Insights Blog, 2019)
- How to Manage the Ransomware Crime Wave (John Reed Stark, Duke Law Magazine, 2019)
- Ransomware Attacks: Why it Should Matter to Your Business (Colin R. Jennings and Erika A. Johnson, National Law Journal, 2019)
NATIONAL SECURITY AND CYBER-ATTACKS
- IRANIAN RETALIATORY OPTIONS & TACTICS, TECHNIQUES AND PROCEDURES (TTP) (Daron Hartvigsen, Brandon Catalan, and Luke Tenery, Ankura Consulting Group, January 2020)
- Ten Lessons from Six 2018 DOJ Indictments of State-Sponsored Hackers (Kim Peretti, Emily Poole, and Nameir Abbas, Alston Cyber Alert, 2019)
- Cybersecurity Requirements Clarified (National Defense, 2017)
- Here’s what went wrong for Equifax in those first 48 hours (John Carlin and David Newman, Aspen Institute, 2017)
- “Cybervandalism” or “Digital Act of War”? America’s Muddled Approach to Cyber Incidents Won’t Deter More Crises (Charlie Dunlap, Lawfire, 2017)
- Are Cyber Norms as to What Constitutes an “Act of War” Developing as we Would Want? (Charlie Dunlap, Lawfire, 2017)
CYBER-INSURANCE (TRENDS AND HOW TO GET PAID); CLASS ACTIONS (TRENDS AND HOW TO AVOID); AND DAMAGES (TRENDS AND HOW TO CALCULATE)
- After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware? (Barnes & Thornburg, February 2020)
- Courts Favor Crime Coverage Of Email Hacks – For Now (Barnes & Thornburg, March 2019)
- Some Good News for the Cybersecurity Class Action Bar (John Reed Stark Consulting, September 2019)
- Who Gets Coverage? Cyber Insurance and Credit Card Risks: Will Coverage Apply After the P.F. Chang’s Denial? (Scott Godes, Barnes & Thornburg, 2017)
- Will Your Company’s Insurance Cover Losses Due to Phishing and Social Engineering Fraud? (Scott Godes, 2019)
- What Mondelez v. Zurich May Reveal About Cyber Insurance in the Age of Digital Conflict (LawFare, 2019)
- The Pros and Pitfalls of Cybersecurity Insurance (Jeff Bounds, D CEO, 2019)
- War Exclusions and Cyber Attacks (Bill Boeck, D&O Diary, 2019)
- Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong (NY Times, 2019)
- Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now (D&O Diary, 2019)
FINANCIAL REGULATORS, CYBERSECURITY AND DATA BREACHES
- The SEC’s use of Big Data in the next decade: Where are we now? (Willkie Farr & Gallagher LLP)
- SEC Office of Compliance Inspections and Examinations Issues Observations on Cybersecurity and Resiliency Practices (Willkie Farr & Gallagher LLP)
- Bank Regulators Issue Joint Statement on Heightened Cybersecurity Risk (Jones Day, 2020)
- Beyond Disclosure: SEC Reinforces Public Company Cybersecurity Obligations (Willkie Farr & Gallagher, 2018)
- SEC “Outsider Trading” Enforcement: The Silence is Deafening (Law 360, John Reed Stark, 2018)
- SEC & FINRA Set Exam Priorities; SEC Issues Cybersecurity Tips: Regulatory Update for February 2020 (JD Supra, 2020)
- Cybersecurity and Resiliency Observations, SEC Office of Compliance Inspections and Examinations (2020)
- OCIE Provides Observations on Cybersecurity and Operational Resiliency Best Practices (David Dickstein and Elise Michael, National Law Review, 2020)